Modeling Internet-Scale Policies for Cleaning up Malware

  • Conference paper
Economics of Information Security and Privacy III

Abstract

An emerging consensus among policy makers is that interventions undertaken by Internet Service Providers are the best way to counter the rising incidence of malware. However, assessing the suitability of countermeasures at this scale is hard. In this paper, we use an agent-based model, called ASIM, to investigate the impact of policy interventions at the Autonomous System level of the Internet. For instance, we find that coordinated intervention by the 0.2%-biggest ASes is more effective than uncoordinated efforts adopted by 30% of all ASes. Furthermore, countermeasures that block malicious transit traffic appear more effective than ones that block outgoing traffic. The model allows us to quantify and compare positive externalities created by different countermeasures. Our results give an initial indication of the types and levels of intervention that are most cost-effective at large scale.

Notes

  1. Code available at http://ftg.lbl.gov/projects/asim.

  2. Except for the very first agent, of course.

  3. The population of the location, divided by the number of agents with presence at that location.

  4. www.routeviews.org.

  5. www.ripe.net.

  6. Data and tools available at http://ftg.lbl.gov/projects/asim.

  7. www.maxmind.com.

  8. http://isc.sans.edu/feeds/daily_sources.

  9. av_degree = 4.2, extent_cost = 1.5, base_income = 5, pop_distr_exp = -1, wickedness = 0.1.

  10. As of May 2010.

Acknowledgements

The authors gratefully acknowledge the support of DOE grant DE-AC02-05CH11231. Stephanie Forrest acknowledges partial support of DARPA (P-1070-113237), NSF (EF1038682, SHF0905236), and AFOSR (Fa9550-07-1-0532).

Corresponding author

Correspondence to Steven Hofmeyr.

Copyright information

© 2013 Springer Science+Business Media New York

About this paper

Cite this paper

Hofmeyr, S., Moore, T., Forrest, S., Edwards, B., Stelle, G. (2013). Modeling Internet-Scale Policies for Cleaning up Malware. In: Schneier, B. (eds) Economics of Information Security and Privacy III. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-1981-5_7

  • DOI: https://doi.org/10.1007/978-1-4614-1981-5_7

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-1980-8

  • Online ISBN: 978-1-4614-1981-5

  • eBook Packages: Computer Science (R0)
